Questions tagged [denyhosts]

DenyHosts is a log-based intrusion prevention security tool for SSH servers written in Python. It identifies brute force attacks and bans access using tcp_wrappers, and in recent versions iptables.

30 questions
1
vote
8 answers

Weekly Cron / Logrotate / Denyhosts error

I am getting the following error email every week. It appears to be a problem with either cron, logrotate, or denyhosts. I'm not sure which. Subject: Cron test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily…
Unknown
  • 1,685
  • 6
  • 20
  • 27
1
vote
1 answer

Block sender after sending to n non-existent email addresses

I have a domain that I use for my email. There are a couple of actual email addresses there, and everything else goes to a catchall. I use the catchall so I can create email addresses on-the-fly, like when I need to register for a site to download…
Curtis Mattoon
  • 173
  • 1
  • 5
1
vote
1 answer

Why does denyhosts `hosts-restricted` file have contents when there are no `restricted-usernames`?

I have a user that is getting blocked by denyhosts on a daily basis after some initial problems and confusion with keys, passwords, account names and such, even though I keep unblocking him. When I went to /var/lib/denyhosts (WORKDIR specified in…
Amadan
  • 159
  • 1
  • 14
1
vote
4 answers

How can I prevent denyhosts from adding the same host to the denied file over and over

I am using denyhosts on my FreeBSD (6.2) box, and everything appears to be working fine, except denyhosts keeps adding the same 4 hosts to my denied file over and…
grieve
  • 1,547
  • 3
  • 17
  • 18
0
votes
1 answer

Denyhosts killing ssh, denyhosts file contains weird characters

We noticed this morning that we are unable to log in with SSH into our server. Our server providers then installed a minimal Linux on the ram. After mounting the disks and chrooting into it, I stopped denyhosts temporarily and when I went in…
We are Borg
  • 177
  • 1
  • 18
0
votes
2 answers

Where is denyhosts WORK_DIR in Ubuntu?

I'm trying to configure my denyhosts on my server and I read in its FAQ's entry on How can I prevent a legitimate IP address from being blocked by DenyHosts? that I have to move to WORK_DIR. I don't know where WORK_DIR is? Does anyone know where is…
0
votes
1 answer

Regaining access to server after I banned myself with denyhosts

I installed DenyHosts 2 days ago and I didn't add my IP to the list of safe IPs. Today I connected to my server but it struggled a bit and I had to terminate the application with which I connect to the server. After that I got banned from my own server. I can…
0
votes
1 answer

hosts.deny line too long or too big file?

I have about 50k IP addresses denied in the hosts.deny file, generated by a script with 7 addresses per line max, and get this error: warning: /etc/hosts.deny, line 4429: missing newline or line too long Line 4429 is the one in the middle here: ALL:…
Daniel W.
  • 1,609
  • 4
  • 26
  • 48
0
votes
1 answer

How do I enable tcpwrapper (hosts.deny) filter in mysqld / mariadb

How do I enable tcpwrapper (hosts.deny) filter in mysqld / mariadb, preferred solution without recompiling. Using Debian, MariaDB 5.5 64 bit - Or should I just use iptables? What's faster and what is the largest amount of IPs I can block without…
Daniel W.
  • 1,609
  • 4
  • 26
  • 48
0
votes
1 answer

Hosts.deny file not being updated by denyhost service

I have denyhosts running on my server to block IPs that repeatedly fail to log in over ssh, for example brute force style attacks. I can see that entries in the auth.log file have not been updated in the hosts.deny file for some time. How can I check…
niallhaslam
  • 101
  • 2
0
votes
1 answer

On Solaris, how to log IP when using winbind auth and invalid user?

This is on Solaris 10 sparc platform. I'm trying to make our denyhosts script block the dictionary ssh attacks. Unfortunately, the logging does not show an IP when the user name is invalid. We are using the winbind module in pam.conf. If I intentionally…
labradort
  • 1,169
  • 1
  • 8
  • 20
0
votes
2 answers

SSH Authentication - Bruteforce attack prevention

I use certificate/key based ssh authentication with sshd running on a non-standard port. Do I still need to install denyhosts/fail2ban or log analysis based detection? Do I get any advantage?
appuser
  • 3
  • 1
0
votes
3 answers

suggest: software like denyhosts without python or ruby

For the last few years I have used the perfect software denyhosts to analyze logs and deny access if some IP address has 3 or more unsuccessful logins. I like that, but the problem is too much CPU/memory consumption for my weak computers. Maybe some software without…
Korjavin Ivan
  • 2,250
  • 2
  • 26
  • 41
0
votes
1 answer

checking if deny host is running and tcpwrappers

On this link http://www.cyberciti.biz/faq/block-ssh-attacks-with-denyhosts/ if you search for the following `grep 'from' /var/log/auth.log|cut -d ' ' --field=13 | uniq -c | sort -nr > ct-result.txt` the comment says to grep all the IPs and put them to…
Bond
  • 781
  • 4
  • 12
  • 22
0
votes
1 answer

hosts.deny not working

Currently I am watching the live auth.log and someone has been continuously trying a brute force attack for 10 hours. It's my local server so no need to worry but I want to test. I have installed denyhosts. There is already an entry for that IP address…
John